How to activate HSTS for your domain

What is HSTS?

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with it using only secure HTTPS connections, and never via the insecure HTTP protocol.

What is required?

In order for HSTS to function, you must have:

an SSL certificate (included and pre-installed for free by default for all Hetzner domains)